CVE-2013-3597

Published: Aug 28, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.

Affected (10)

Products: Searchblox: Searchblox

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Searchblox Searchblox	Up to 7.5
Searchblox Searchblox	Version 6.2 build_1
Searchblox Searchblox	Version 6.3 build_1
Searchblox Searchblox	Version 6.4 build_1
Searchblox Searchblox	Version 6.4 build_2
Searchblox Searchblox	Version 7.0
Searchblox Searchblox	Version 7.1
Searchblox Searchblox	Version 7.2
Searchblox Searchblox	Version 7.3
Searchblox Searchblox	Version 7.4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://buddhalabs.com/Advisories/WebAdvisories.html

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/592942

Source: cret@cert.org

US Government Resource

http://www.searchblox.com/developers-2/change-log

Source: cret@cert.org

http://buddhalabs.com/Advisories/WebAdvisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/592942

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.searchblox.com/developers-2/change-log

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.